Linux Comm Nmap
* * *
nmap (Network Mapper) is one of the most powerful network discovery and security auditing tools in Linux systems. It helps system administrators and security professionals:
* Discover active hosts on the network
* Scan open ports and services
* Identify operating system types and versions
* Detect vulnerabilities in network services
Due to its flexibility, powerful features, and cross-platform capabilities, nmap is widely used in network security assessments, system administration, network monitoring, and other fields.
* * *
## Basic Syntax
The basic command format for nmap is as follows:
```bash
nmap [Scan Type] [Options] {Target Specification}
```
Where:
* `Scan Type`: Specifies the scanning technique used by nmap
* `Options`: Various parameters to configure scanning behavior
* `Target Specification`: Can be an IP address, hostname, or IP range
* * *
## Common Scan Types
### TCP SYN Scan (-sS)
The most commonly used scan, and nmap's default when run with root privileges; also known as a "half-open" scan:
```bash
nmap -sS 192.168.1.1
```
Features:
* Fast and stealthy
* Does not complete TCP three-way handshake
* Requires root privileges
### TCP Connect Scan (-sT)
Standard TCP connect scan:
```bash
nmap -sT 192.168.1.1
```
Features:
* Does not require root privileges
* Establishes complete TCP connection
* Slower and easier to detect
### UDP Scan (-sU)
Scan UDP ports:
```bash
nmap -sU 192.168.1.1
```
Features:
* UDP scanning is slower
* Many UDP services do not respond
* Requires root privileges
### OS Detection (-O)
Identify the target host's operating system:
```bash
nmap -O 192.168.1.1
```
* * *
## Common Options
### Port Specification (-p)
Scan specific ports or port ranges:
```bash
# Examples
nmap -p 80,443 192.168.1.1   # Scan ports 80 and 443
nmap -p 1-100 192.168.1.1    # Scan ports 1-100
nmap -p- 192.168.1.1         # Scan all 65535 ports
```
### Service Version Detection (-sV)
Probe detailed version information of services:
```bash
nmap -sV 192.168.1.1
```
### Scan Speed (-T)
Control scan speed (0-5, higher number means faster):
```bash
nmap -T4 192.168.1.1   # Faster scan speed
```
### Output Formats
Multiple output format options:
```bash
# Examples
nmap -oN result.txt 192.168.1.1    # Normal text format
nmap -oX result.xml 192.168.1.1    # XML format
nmap -oG result.gnmap 192.168.1.1  # Grepable format
```
* * *
## Practical Examples
### Basic Network Scan
```bash
nmap 192.168.1.1
```
Output example:
```
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-01 10:00 UTC
Nmap scan report for 192.168.1.1
Host is up (0.045s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
```
### Comprehensive Scan (OS + Service Version)
```bash
nmap -A 192.168.1.1
```
### Scan Entire Subnet
```bash
nmap 192.168.1.0/24
```
### Read Target List from File
```bash
nmap -iL targets.txt
```
* * *
## Scan Result Interpretation
Port state meanings in nmap output:
| State | Description |
| --- | --- |
| open | Port is open and has an application listening |
| closed | Port is closed (host reachable, but no application listening) |
| filtered | Port is filtered by firewall/network, state cannot be determined |
| unfiltered | Port is accessible, but cannot determine if open or closed (used in ACK scans) |
| open\|filtered | Cannot determine if port is open or filtered (common in UDP scans) |
| closed\|filtered | Cannot determine if port is closed or filtered |
* * *
## Security and Legal Considerations
1. **Legal Use**: Only scan networks and systems you have permission to scan
2. **Obtain Authorization**: Ensure written authorization before use in enterprise networks
3. **Avoid Abuse**: Large-scale rapid scanning may be considered attack behavior
4. **Respect Privacy**: Do not scan network resources that do not belong to you
* * *
## Advanced Techniques
### Bypassing Firewalls
```bash
# Examples
nmap -f --mtu 24 192.168.1.1         # Use fragmentation
nmap --data-length 100 192.168.1.1   # Add random data
nmap -D RND:5 192.168.1.1            # Decoy scan
```
### Scheduled Scan Script
```bash
#!/bin/bash
# Example: full-port SYN scan of the subnet, saved to a date-stamped log
DATE=$(date +%Y%m%d)
nmap -sS -p- -T4 -oN "scan_$DATE.log" 192.168.1.0/24
```
### Result Comparison
Compare two scans saved in XML format (`-oX`) to see which hosts, ports, or services changed between them:
```bash
ndiff scan1.xml scan2.xml
```
* * *
## FAQ
**Q: Why does nmap scanning require root privileges?** A: Certain scan types (such as SYN scans) require direct manipulation of network packets, which requires root privileges.
**Q: How to speed up scanning?** A: Use `-T4` or `-T5` options, reduce timeout values, or limit the port range to scan.
**Q: Can nmap scans be detected by firewalls?** A: Depends on scan type and firewall configuration. SYN scans are more stealthy than full connect scans.
**Q: How to scan IPv6 addresses?** A: Use IPv6 address directly: `nmap 2001:db8::1`
* * *
## Recommended Learning Resources
1. Official documentation: `man nmap`
2. Nmap official book: "Nmap Network Scanning"
3. Online tutorial: [https://nmap.org/book/toc.html](https://nmap.org/book/toc.html)
4. Interactive learning: [https://tryhackme.com/room/furthernmap](https://tryhackme.com/room/furthernmap)
By mastering nmap, you will have powerful network discovery capabilities, laying a solid foundation for system administration and network security work. It is recommended to start with simple scans and gradually try more complex options and techniques.